A pragmatic solution to improve the security of your organization in times of Covid-19
It is not far-fetched to say that Covid-19 has changed and will change the way we work and do business. Seen from an information security perspective, the challenge is even bigger. With mass lockdowns across the world and millions of people working from home, accessing business-critical, proprietary and confidential data from laptops and home PCs, organizations face grave prospects of increased risk and data breaches.
Even in business-as-usual times, ramping up security and meeting statutory compliance requirements has been daunting for many organizations. It requires organizations to assess their security maturity and the business risk involved in moving their maturity from the current low (IST) situation to a better (SOLL) situation. Bridging this gap involves huge costs, effort and time, and a trusted advisor who can guide the organization through the rigorous implementation. Fast forward to the present: not only does this process remain the same, but the risks have magnified, leading organizations to walk a tightrope as they try to balance security risks and arduous implementations.
Applying my decades of experience in this field, I have arrived at a middle path, so to say – a pragmatic, practical approach that can safeguard an organization’s immediate and urgent interests in these uncertain times and set it on a path for long-term continuous compliance. In this approach, I propose that an organization evaluate its current (IST) situation, define where it wants to be (SOLL), and then move towards it by applying a step-by-step improvement plan. In other words, close the business-risk-driven ‘initial’ gap after evaluating the organization’s risk appetite and its capacity to absorb change. Of course, this approach needs to be checked iteratively to arrive at the next improvement steps to implement.
Closing the initial gap will achieve two key things: first, it will set the organization on a path for full compliance; second, it will give the organization precious insights into the business risks involved, equipping it with tools and ways to enable the next steps of improvement. Step-by-step improvement enables learning and adapting, in lieu of a misleading recipe of a best-practice solution, which may put the organization on a path of very high risks and costs.
About Henk de Ruiter
Henk is a Trusted Advisor Cybersecurity with extensive experience in large Business/IT projects. He has advised on and managed the development and implementation of business-critical software programs, with a focus on Governance, Risk, Compliance (GRC), Privacy (GDPR), realizing Security Compliance Assurance and managing TRUST! He works with great enthusiasm, finds his way easily around large and political organizations, has good communication skills, is a team player and is able to find the balance between individual and organizational aspects. His career is built on close relationships with people from many different countries and cultural backgrounds. His passion is to improve the Cybersecurity maturity level to reach Security by Design and Privacy by Design. He is proud of having a track record of delivering as promised and of working in the Security Area, proving Security to be a real business enabler. Since 2013, Henk has been active, with great enthusiasm, on the board of the PvIB (Platform for Information Security) in the Netherlands.